Gremlin Docs Logo
Go to app
Quick Start Guides
AWS Quick Start Guide
Reliability Management (RM) Quick Start Guide
Getting Started
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Enabling DNS collection
Enabling AWS PrivateLink
Platform
Managing the Gremlin Agent
Updating Gremlin
Managing Users and Teams
Configuring Role Based Access Control (RBAC)
User Authentication via SAML and OAuth
Managing Kubernetes namespaces
Integrations
Health Checks
Dynatrace Integration
Restricting Testing Times
Command Line Interface
Reliability Intelligence
Reports
Private Network Integration (PNI) Agent
Managing running, scheduled, and past experiments
Gremlin Private Edition
Reliability Management
Services
Dependencies
Detected Risks
Test Suites
Reliability Tests
Reliability Score
Disaster Recovery Tests
Fault Injection
Targets
Experiments
Scenarios
GameDays
Failure Flags
Failure Flags
Configuring Failure Flags
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Deploying Failure Flags on the Istio service mesh via Envoy
Deploying Failure Flags on Pivotal Cloud Foundry (PCF)
Installing the Failure Flags SDK
Using Failure Flags by proxy
Running Failure Flags experiments
Troubleshooting Failure Flags
API Reference
Getting started with the Gremlin API
API reference: Classes, methods, & attributes
API examples
Security
Security
Container security
Release Notes
GeneralLinuxIntegration Agent for LinuxWindowsChaoHelmFailure Flags: Sidecar
Resources
Gremlin User Community SlackBlogTutorialsGlossaryHelp and support
Start your 30 day free trial.
START FOR FREE
Docs Home
Failure Flags
Deploying Failure Flags on Kubernetes

Deploying Failure Flags on Kubernetes

Supported platforms:

N/A

This document will walk you through setting up Failure Flags for your Kubernetes Pods. Gremlin provides a sidecar container called "Failure-Flags-Sidecar" that runs in the same pod as your application. Failure-Flags-Sidecar container images are available via DockerHub and support both AMD64/x86_64 and ARM64 architectures. These container images include a LICENSE file and a single binary program built for Linux. Alternatively, you can download archives directly: arm64, x86_64.

All versions are listed in a file at: https://assets.gremlin.com/packages/failure-flags-sidecar/VERSIONS.

Configuring Failure Flags for Kubernetes

In addition to the common configuration options, Failure Flags on Kubernetes accepts the following options:

Environment variable Config file property Description
SERVICE_NAME service_name Set to the name of the service as you want it to appear in Gremlin. Service names can only contain alphanumeric characters, hyphens, and underscores, and must be less than 64 characters long. This is required for Kubernetes.

Adding the sidecar to your Kubernetes manifest

To add the sidecar, define the sidecar container in the same Pod as your application. For example, this deployment adds the sidecar container and uses Kubernetes Secrets to securely store authentication details. The Failure Flag service will show in Gremlin as demo-application:

YAML
apiVersion: v1
kind: Secret
metadata:
  name: example-gremlin-secret
type: Opaque
data:
  ## Base64 Encoded Gremlin Team Id
  team_id: ZmZmZmZmZmYtZmZmZi1mZmZmLWZmZmYtZmZmZmZmZmZmZmZmCg==
  ## Base64 Encoded Gremlin Team Certificate
  team_certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCkV4YW1wbGVYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWApYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgKWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYClhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWApYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgKWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYClhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWApYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgKWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYClhYWFhYWFhYCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
  ## Gremlin Team Certificate
  team_private_key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCkV4YW1wbGVYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWApYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgKWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWD09Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sidecar-demo
  labels:
    app: sidecar-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sidecar-demo
  template:
    metadata:
      labels:
        app: sidecar-demo
    spec:
      containers:
       - name: demo-application
         image: YOUR IMAGE HERE
         env:
          ## FAILURE_FLAGS_ENABLED
          - name: FAILURE_FLAGS_ENABLED
            value: "true"

       ## THIS CONTAINER IS THE SIDECAR
       - name: gremlin
         image: gremlin/failure-flags-sidecar:latest
         imagePullPolicy: Always
         env:
          ## GREMLIN_SIDECAR_ENABLED
          - name: GREMLIN_SIDECAR_ENABLED
            value: "true"
          ## GREMLIN_TEAM_ID
          - name: GREMLIN_TEAM_ID
            valueFrom:
              secretKeyRef:
                name: example-gremlin-secret
                key: team_id
          ## GREMLIN_TEAM_CERTIFICATE
          - name: GREMLIN_TEAM_CERTIFICATE
            valueFrom:
              secretKeyRef:
                name: example-gremlin-secret
                key: team_certificate
          ## GREMLIN_TEAM_PRIVATE_KEY
          - name: GREMLIN_TEAM_PRIVATE_KEY
            valueFrom:
              secretKeyRef:
                name: example-gremlin-secret
                key: team_private_key
          ## GREMLIN_DEBUG will enable debug logging to standard out of the sidecar
          - name: GREMLIN_DEBUG
            value: "true"
          ## SERVICE_NAME is the name of the application you're connecting to Gremlin
          ## This can only contain alphanumeric characters, hyphens, and underscores
          - name: SERVICE_NAME
            value: "demo-application"
          ## REGION is the name of the region or data center you're deploying into (for targeting)
          - name: REGION
            value: "demo"
---
apiVersion: v1
kind: Service
metadata:
  name: demo-entrypoint
spec:
  type: NodePort
  selector:
    app: sidecar-demo
  ports:
   - port: 3000
     targetPort: 3000
     nodePort: 30001

Privileges required

Privilege Description
CLIENTS_READAllows reading all client information within the team
CLIENTS_WRITEAllows editing all client information within the team
Deploying Failure Flags on AWS ECS
Previous
Previous
Installing the Failure Flags SDK
Next
Next
On this page
Back to top